You have not chosen to trust go daddy secure certificate authority-G2, when connecting from a MAC

Hello:

We have installed a new Citrix Farm and we are almost ready to begin testing that new Citrix farm with some of our company employees/users.  Hence, we have 2 Citrix farms working side-by-side and both are independent of each other(using different virtual servers and different netscaler web addresses).  We are using the older Citrix Setup for production until we have properly tested the new Citrix setup.

My questions are:

1.  Why do I get a Citrix Receiver error "You have not chosen to trust go daddy secure certificate authority-G2, the issuer of the server's security certificate."  when I try to launch an application from the new Netscaler external web address, while using my Apple MacBook Air?
          a.  The 2 browsers that I have tried are Safari or Chrome?
          b.  Both browsers get the same pop-up message error.
          c.  The new netscaler address is https://test.company.org .

If I use the same external netscaler address (for the new Citrix Setup) on a Windows PC there are no problems.  I have used Internet Explorer, Google Chrome and Mozilla Firefox without any problems.  I think there must be a setting that should be set in Safari, on my MacBook Air.

My MAC does work just fine when I use a separate netscaler address that we have setup when we are inside the company network.  That web address is https://storefront.company.org.  Perhaps a setting must be set in the safari security settings for the external netscaler web address (https://test.company.org).

Equally important, everyone that is using a Mac or any device) from our company is using the production web address just fine (https://portal.company.org).  That same web address works just fine on my MacBook Air.  The problem is with the new external netscaler Web access.  I can authenticate just fine; but, I cannot trigger the Citrix Receiver to work correctly with the external web address on my Mac.

Any ideas?
LVL 1
PkafkasNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PkafkasNetwork EngineerAuthor Commented:
I did find this article; but, I do not beleive that is the answer:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28333011.html

I have not tried the above suggestion yet.
Dirk KotteSECommented:
Doublecheck you have uploaded and linked the full certificate chain at the NetScaler.
If windows workstations are satisfied with the certificate chain from the server, possible you have to install this CA and sub-CA certificates at the MAC workstation. I have seen this already.
PkafkasNetwork EngineerAuthor Commented:
How do I do as you suggest?

1.  Doublecheck you have uploaded and linked the full certificate chain at the NetScaler.


2.  How may I install this CA and sub-CA certificates at the MAC workstation?


3.  Please disregarding my above comment, that is not the not correct web link, that I wanted to reference.
       a.  The web link that I wanted to reference is:  https://discussions.apple.com/thread/3853617?start=0&tstart=0

Any thoughts?
PkafkasNetwork EngineerAuthor Commented:
I have tried 3 different Apple Laptops and they all get the same error message when trying to access the external Netscaler Citrix Portal.  

The problem does not appear to be exclusively my my MAC laptop.
Dirk KotteSECommented:
ok, step by step:
1 certificate chain at the NS
NS - Configure - Traffic Management - SSL - certificates
- select your vServer cert -> Actions-cert links -- you should see the sub-ca certificate
- select sub-ca -> Actions-cert links -- you should see the root-CA and the vServer certificate
- select root-ca -> Actions-cert links -- you should see the sub-CA  certificate
if there are no links, you can correct this within the action menu also

2 check step 17-21 from your linked guide

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PkafkasNetwork EngineerAuthor Commented:
Thank you for your efforts the Citrix Consultant logged on and made some changes on the Licensing server.  I am not sure what he did exactly.
I tried your notes and I was not able to see the certs that were needed.
Dirk KotteSECommented:
an example for installing digicert certificates:
https://www.digicert.com/csr-creation-ssl-installation-citrix-netscaler.htm#citrix_netscaler_vpx_ssl_certificate_install
check  2. II. 9   for certificate chain & links
PkafkasNetwork EngineerAuthor Commented:
I am going to try and find out what the Citrix consultant did to fix the SSL issue and report back to this ticket.
goldiedCommented:
Apple dont always ship the most up to date truated certificates with their software updates, this is something microsoft is very good at. the only choice you have is to install these. here is a list of supported certificates from Apple.

https://support.apple.com/en-us/HT202858
PkafkasNetwork EngineerAuthor Commented:
I am not sure what the consultant has done to fix the situation.  He did not share it with me.  I will provide points for this case to the experts that have provided feedback.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.